Posted
by
timothyon Monday August 01, 2005 @01:07AM
from the folks-are-surprised-about-this-why-exactly? dept.

An anonymous reader submits "Several people have discovered that the new Intel kernel Apple has included with the Developer Kit DVD uses TCPA/TPM DRM. More specifically, it includes "a TCPA/Palladium implementation that uses a Infineon 1.1 chip which will prevent certain parts of the OS from working unless authorized."

You forget that pearpc requires you to buy a copy of OSX. Assuming Apple makes x86 OSX require a handshake with the DRM to work, pearpc will cease to work. That's ignoring the fact that an x86 emulator running on x86 would be more than a little redundant. (that's all pearpc is- a CPU/architecture emulator)

The PPC version, of course, will work, albeit slowly. Really, you're just back to where you started.

The headline states "Mac OS X Intel Kernel Uses DRM". According to TFA, it's Rosetta (the PPC emulator, which isn't written by Apple) that uses DRM, not the kernel of the OS itself: We've discovered that the Rosetta kernel uses TCPA/TPM DRM. Some parts of the GUI like ATSServer are still not native to x86 - meaning that Rosetta is required by the GUI, which in turn requires TPM. In fact, we already know that the kernel doesn't use DRM and can run on any Intel box you want, because it's open source and can be downloaded here [apple.com]. It's the GUI that Apple wants to be locking in to their hardware, not the kernel. I suspect that they probably will make something other than Rosetta check the TCPA chip, but that's not what is going on right now.

I know a great deal about TPMs, I have a computer with a TPM. They are very common. Many high end laptops and desktops have TPMs. Here [tonymcfadden.net] is an up to date list of systems that have TPMs. They include manufacturers such as HP, IBM, Acer, NEC, Dell, Gateway, Toshiba, Fujitsu, and Samsung. You've probably heard of some of them. It's easy to get a computer with a TPM. Probably in a few years it will be hard to get a computer without one.

What does a TPM do? Essentially it is just a crypto chip. It can hold keys, and sign and encrypt data with them. It's completely passive. It never takes control of your system or does anything invasive. It doesn't even monitor the bus or snoop on data flows. It merely hashes, signs and encrypts data, on request from the CPU.

How is it used for DRM? It can't be done today. They way it would be used, sometimes in the future, is to ship the chip with a unique key pre-installed in it, and with a certificate from the manufacturer on that key. Then the BIOS and OS get enhanced to do a "trusted boot" in which every software component gets its hash reported to the TPM. This allows the TPM to send out a crypto-signed "attestation" about the software configuration on the computer. It is signed by the built-in key, and that key is known to be a legitimate TPM key by virtue of the certificate that was created at manufacture time.

This lets a remote server verify that you're running a genuine version of Media Player or iTunes and not some hacked thing that will strip the DRM and put it out on the net. Your system can report its software configuration and that attestation can't be forged, because you don't control a TPM key that has a cert on it from a TPM manufacturer.

It's a complicated system, and no part of it exists today. Manufacturers don't ship TPMs with pre-installed keys, and they don't issue certificates. Nobody wants to touch that stuff with a ten foot poll. I know, I've tried to get a computer with a certified TPM for research purposes, but they're just not available.

How would Apple use a TPM to keep the OS from running on non-Apple PCs? This is the $64 question, but I haven't seen much information about it. If they just look for the presence of a TPM, that won't help much - see above for all the computers out there that have TPMs.

My guess is that it is more likely that the mechanism Apple will use or is using to keep from running on non-Apple hardware is not the TPM. They will probably use a custom chip. The TPM is extremely standard, the Trusted Computing Group has hundreds of pages documenting it. It would be crazy to twist that standard.

Rather, I'm guessing that Apple uses the TPM for crypto purposes, possibly with an eye towards eventual DRM if and when the necessary massive infrastructure ever gets built. Due to its unique position as designer of both the computer and the software, Apple might even be in a unique position with regard to rolling out some form of TPM based DRM, just as they were among the first to create a commercially successful DRM system in iTunes. My speculation is that Apple is not using the TPM to stop hackers porting its software, they're using the TPM because it's useful. It just happens that the hackers don't have many systems with TPMs.

If so, then, it is merely accidental that the use of the TPM is a road block for experimenters determined to run the Apple software on non Apple PCs. It's possible that if they looked at the list [tonymcfadden.net] they would find some computers lying around that had TPMs in them, and if they tried on those computers, the TPM software would work fine. Maybe the OS would then run in its current form. It sounds like it's worth a try, anyway.

Uh, dude, it's not 1999. Most respectable distros do all for you now anyhow (detect your vid card, sound, etc.) You might only get in a little trouble if your hardware is say a month or two old. And yes, laptops can be more annoying. Really, I find at this point linux hardware detection to be far better than windows (for the simple reason that the last installment of a consumer windows is rather old at this point.)

Case in point, I have this dell d610 latitude here I'm borriwing. On it I have windows XP pro, and SUSE 9.3. I cleaned installed windows, but unfortunately did not have the dell resource cd. That meant having to go to dell's site, pick and manually install the missing drivers. One problem being though that one of the missing drivers was the NIC. Another problem being that because the laptop was non-US, I couldn't get the specific hardware components of the model based on my serial, so the list included a lot of extraneous drivers I didn't know whether I needed or not.

Solution? Boot into SUSE, which worked out of the box, including wireless, check my hardware specs, download the right drivers to a shared FAT32 partition, and now Windows is happy...

Granted desktop Linux is _not_ perfect, but seriously the situation you describe is from a largely bygone past. (unless you're a sadist, and want to run some uber-l337 do it yourself distro to prove how awesome and c00l you think you are;-)

And of course while they are at it they can lock out bootleg Windows licenses forever, win-win for them. And if not outright outlaw Linux, at least make sure only generic whitebox motherboards from Taiwan run it. The Dell and HPs will all be locked to the copy of Windows married to their TCPA module during manufacturing. And when the non-crazed Apple Fanboy civil libertarians complain they can, with a totally straight face, claim they HAD to.
Thank you Steve Jobs. Fucktard.

Except for the vast bulk of legitimate users it doesn't, because so few of them upgrade their computers at all, let alone enough to trigger any reactivation sequence.

Are you kidding? Legitimate users are the only ones it interferes with. Pirates just use Corporate Edition and don't deal with all that bullshit.

Hell, I know lots of people who own XP because it came with their computer, and they still wipe it and throw a copy of corporate on there because the product activation/windows update bullshit screws up their system from time to time.

Don't they teach you new whippersnappers anything these days? Or do I have to explain the origin of the "No wireless. Less capacity than a Nomad. Lame." and the "and then it was like, beep beep beep..." joke to you, as well?:)

Ah, but here's my experience: for the past year, I used Linux as a desktop exclusively, mostly because of all the programming tools. I've bounced around between them.. starting with Fedora Core 3, then to SuSE, then Ubuntu Warty, then Fedora Core 3 for x86_64, then to Ubuntu Hoary, then to Fedora Core 4, then to Mepis, back to Ubuntu, back to Mepis.

Why was I doing this bouncing? The repositories all blow. That's right, ALL of them. They're nice on getting some things to work, but if you're stuck in any one of their repositories, then you might as well be stuck in the mud, because either they'll have software on the repository that needs software that isn't, or the software on the repository will be so woefully out of date that other flavors of the same parent distro have passed you by a long time ago in one way or another. And depending on which library you need to replace, replacing one with a newer binary might totally screw up your existing configuration.

And the help... the Mepis guys tell ya that if you need help to go to the IRC channel... so I do... because Streamtuner and xmms weren't working together after an install and an update from the repository. I ask how I can fix it, they tell me to ditch xmms and use RealPlayer, which works, but then Realplayer totally ignores my volume settings in KDE. This kind of crap is commonplace.

Then there's the issue of speed. Speed of booting is faster in Windows by a factor of 10. Speed of loading up a program is much faster as well. I repartitioned my drive and put Win XP back on, and was shocked at how fast it was. No more waiting 5-10 seconds for firefox to load. Even with all the shell extensions I slapped onto Windows to make it closer to the KDE and Gnome desktops I was accustomed to, it's still much faster. And sure, using something like Blackbox would cut down on time... a bit... in Linux, but Blackbox is a window manager, and I want a desktop environment that is pleasing to the eye and non-annoying. I have transparency, drop shadows, window shading, an objectbar, konfabulator, and multiple other programs running, and nothing was harder to install than by downloading a file and double clicking an icon. My desktop still runs faster and smoother, and the only thing I'm missing in Windows is good ole kill -9. And the only thing I needed to download extra libraries for was... the Gimp.

Sure, Linux does a better job with some things, like having the latest drivers with the latest distro, but most copies of Windows are OEMs that come with machines with the drivers pre-loaded. Files in the repository ARE easier to get to than having to go to a bunch of websites to download them for Windows. The desktop is more configurable without having to replace system files to do it.

However, Linux right now is just not even in the same galaxy as Windows or OSX when it comes to giving a user what they need to be productive with minimum hassle, and the people who have the organizational power and clout to make it into something that can compete refuse to do so. Why? Dunno. Maybe because they deal with so many other geeks who use the same desktops and configure the same files everyday that they never have the time or the care to deal with the issues making Linux a lame duck in the race. I'd love to scrap Windows, OSX, and any other OS that requires DRM. After all, I did it once before, but until I see some improvement that puts Linux's desktop in the same realm as the other two, I'm sticking with Windows and will relegate my Mepis partition to tinkering. And lemme tell you, it was a pain in the butt to shift files from ReiserFS to FAT32 to NFTS until I was able to clear a drive to reformat the ReiserFS to NTFS and then move them all back again... twice.

Actually such technology does exist, as there was for a time 'anti-photocopy' school books being sold in Poland, however due to the huge increase in costs in the school books, teachers, school educators went a long with alternative books that didn't have this protection.

So.. They (the publishers) stopped using the technology since it was too expensive and not making money.

I think you have to accept that in some cases, the product they are imitating wasn't done all that well, or their prefered implementation is that much closer to the OS, or may be affected by long term strategy (think Intel switch), that it may have seemed an easier alternative to just implement from scratch.

R E L E A S E N O T E SThanks to the guys at phe*NIX who released a non-working copy. Too bad we at XiSO had the OSX x86 DVD for a few weeks now, working hard on disabling the Infineon/Trusted Computing module which is present onboard of the "developer" Apple-Intel boxes. As some of you have heard, Rosetta, Apple's binary translation software used to convert PPC binaries to x86 bytecode at runtime is a primary user of this Trusted Computing module, and since majority of OSX Intel apps are actually PPC bins, not much of the OS is usable without this binary converter working. So we patched that, as well as a check during boot for "supported hardware". Enjoy!

I N S T A L L N O T E S1. Burn to DVD using your favorite burning software.2. Enjoy this fine release from XiSO.3. This has been extensively tested on various hardware configurations, but you WILL NEED a SSE2+ enabled CPU to run this on. Also, this has *NOT* been tested, and not expected to work on AMD CPU's.

In your case, you are not running the full monty yet (a
TCPA-compliant Longshorn), which is why it seems so harmless. I'm not
as optimistic as you are about what's coming down the pike. To me, Trusted Computing is like having an M-1 tank on your doorstep. Sure, it's going to be fairly harmless if there are no keys to open it, but the keys will come someday, and you won't be allowed to hold them.

You claim:

It can hold keys, and sign and encrypt data with them. It's
completely passive. It never takes control of your system...

Sorry, there's a little bit more to it, unfortunately. From the
TCG's own FAQ,

... security processes... are protected through the secure TCG
subsystem.

Access to data and secrets in a platform could be denied if
the boot sequence is not as expected...

Features include... attestation of machine configuration when booted...

It sounds simple enough, but there is a whole realm of implications
that will someday come home to roost.

(Beware when reading the TCG's own FAQ, by the way, as they adopt a deceiving "don't blame us, we're not
the ones pulling the trigger" position. So, they gloss over some of
the juicy possibilities a BIOS writer or an application writer will
likely exploit from the technical specs.)

To begin with, the first application that boots up, typically the
BIOS (probably UEFI but any other choice really), if written to do
so can refuse to allow any application to start which isn't signed
by one of the keys securely stored in the TPM. The BIOS will check
the TPM for a matching key for the OS, and if it matches, will allow
it to start. Conversely, if the key doesn't match (for example, a
bootleg OS), the BIOS can just stop right there. Keep in mind, this
is the BIOS handling this, not the TPM, but, unlike even the M-1 tank,
there is no way to tamper with the TPM to change the keys.

Now, once a trusted OS is able to start, it can decide pretty much
autocratically what other applications can start, once again using the
keys locked down by the TPM to check if they are legit or not. So,
programmatically, the TPM doesn't make the decision to lock you out of
using non-vendor applications, but it's just as well as if it
did, because the OS writer can easily use the TPM's secure,
untamperable storage to enforce it. (Note that the motherboard supplier can cooperate with
the OS writer to initialize the TPM with the appropriate keys right
out of the factory (if they wanted to). It's irrelevant if there are
no keys in there right now. The tank is still there, pointing at your
door, waiting for its keys to arrive.)

Other applications, if they are also signed by the TPM, may be
granted the privilege (by the OS) to start and, specifically, to lock
down data, such as video, in order to provide DRM functionality. If
that decision is made, there is no way you will see that video through
any other application unless the application governing the data allows
otherwise. That data can basically be owned entirely by the
application vendor, not you (as different from what the TCG claims,
because no one's going to enjoy watching encrypted video gibberish.
You can technically "own" the gibberish, but you still can't watch the
video...). You may have a choice to delete a video, for example, but
not to view it unless that vendor allows it. It is a backdoor way of
implementing the media (DVD, CD, etc.) equivalent of the broadcast
flag, if the app writer and OS vendor cooperate to that
effect.

Unsigned applications may be allowed to start too, and the TCG
spec says that this is in the "user's" control, but let's face it,
it's really in the OS vendor's control because they control the
machine all the way from bootup. There isn't a little switch on the
TPM chip to allow you to override your OS' choice in the matter.
Still, it's possible that